On the Detection and Handling of Security Incidents and Perimeter Breaches - A Modular and Flexible Honeytoken based Framework

Abstract

Information security is a fast-changing domain. Traditional security mechanisms such as firewalls and access control are circumvented regularly. The amount of significant security incidents grows each year. Deception systems are a perfect match to support perimeter-based technologies in intrusion detection, data breach identification and data leakage prevention. In this work, a framework is proposed generating, deploying, monitoring and maintaining honeytokens on a host system. The framework is easily extendable and flexible in its use. The authors also describe a prototype implementation for four different types of tokens and thereby address typical issues when operating honeytokens.